Ansible_tower - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ansible_tower
(Redhat)

Repositories	• https://github.com/kyz/libmspack • https://github.com/git/git
#Vulnerabilities	65

Date	Id	Summary	Products	Score	Patch	Annotated
2021-03-09	CVE-2021-20253	A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	Ansible_tower	6.7
2018-07-28	CVE-2018-14682	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.	Libmspack, Cabextract, Ubuntu_linux, Debian_linux, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	8.8
2018-07-28	CVE-2018-14680	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.	Libmspack, Cabextract, Ubuntu_linux, Debian_linux, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	6.5
2018-07-28	CVE-2018-14681	An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.	Libmspack, Cabextract, Ubuntu_linux, Debian_linux, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	8.8
2018-07-28	CVE-2018-14679	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).	Libmspack, Cabextract, Ubuntu_linux, Debian_linux, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	6.5
2018-10-06	CVE-2018-17456	Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.	Ubuntu_linux, Debian_linux, Git, Ansible_tower, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_eus, Enterprise_linux_server_tus, Enterprise_linux_workstation	9.8
2020-07-31	CVE-2020-14337	A data exposure flaw was found in Tower, where sensitive data was revealed from the HTTP return error codes. This flaw allows an unauthenticated, remote attacker to retrieve pages from the default organization and verify existing usernames. The highest threat from this vulnerability is to data confidentiality.	Ansible_tower	N/A
2018-05-10	CVE-2017-18267	The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service (infinite recursion) via a crafted PDF file, as demonstrated by pdftops.	Ubuntu_linux, Debian_linux, Poppler, Ansible_tower, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation	5.5
2019-03-28	CVE-2019-3869	When running Tower before 3.4.3 on OpenShift or Kubernetes, application credentials are exposed to playbook job runs via environment variables. A malicious user with the ability to write playbooks could use this to gain administrative privileges.	Ansible_tower	N/A
2019-12-19	CVE-2019-19342	A flaw was found in Ansible Tower, versions 3.6.x before 3.6.2 and 3.5.x before 3.5.4, when /websocket is requested and the password contains the '#' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker could easily guess some predictable passwords or brute force the password.	Ansible_tower	N/A